chg: [rbl] Small changes on the rbl list and the results handling

misp_modules/modules/expansion/rbl.py

@@ -12,69 +12,69 @@ except ImportError:
 
 misperrors = {'error': 'Error'}
 mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['text']}
-moduleinfo = {'version': '0.1', 'author': 'Christian Studer',
+moduleinfo = {'version': '0.2', 'author': 'Christian Studer',
               'description': 'Check an IPv4 address against known RBLs.',
               'module-type': ['expansion', 'hover']}
 moduleconfig = []
 
-rbls = {
+rbls = (
-    'spam.spamrats.com': 'http://www.spamrats.com',
+    "spam.spamrats.com",
-    'spamguard.leadmon.net': 'http://www.leadmon.net/SpamGuard/',
+    "spamguard.leadmon.net",
-    'rbl-plus.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html',
+    "rbl-plus.mail-abuse.org",
-    'web.dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "web.dnsbl.sorbs.net",
-    'ix.dnsbl.manitu.net': 'http://www.dnsbl.manitu.net',
+    "ix.dnsbl.manitu.net",
-    'virus.rbl.jp': 'http://www.rbl.jp',
+    "virus.rbl.jp",
-    'dul.dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "dul.dnsbl.sorbs.net",
-    'bogons.cymru.com': 'http://www.team-cymru.org/Services/Bogons/',
+    "bogons.cymru.com",
-    'psbl.surriel.com': 'http://psbl.surriel.com',
+    "psbl.surriel.com",
-    'misc.dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "misc.dnsbl.sorbs.net",
-    'httpbl.abuse.ch': 'http://dnsbl.abuse.ch',
+    "httpbl.abuse.ch",
-    'combined.njabl.org': 'http://combined.njabl.org',
+    "combined.njabl.org",
-    'smtp.dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "smtp.dnsbl.sorbs.net",
-    'korea.services.net': 'http://korea.services.net',
+    "korea.services.net",
-    'drone.abuse.ch': 'http://dnsbl.abuse.ch',
+    "drone.abuse.ch",
-    'rbl.efnetrbl.org': 'http://rbl.efnetrbl.org',
+    "rbl.efnetrbl.org",
-    'cbl.anti-spam.org.cn': 'http://www.anti-spam.org.cn/?Locale=en_US',
+    "cbl.anti-spam.org.cn",
-    'b.barracudacentral.org': 'http://www.barracudacentral.org/rbl/removal-request',
+    "b.barracudacentral.org",
-    'bl.spamcannibal.org': 'http://www.spamcannibal.org',
+    "bl.spamcannibal.org",
-    'xbl.spamhaus.org': 'http://www.spamhaus.org/xbl/',
+    "xbl.spamhaus.org",
-    'zen.spamhaus.org': 'http://www.spamhaus.org/zen/',
+    "zen.spamhaus.org",
-    'rbl.suresupport.com': 'http://suresupport.com/postmaster',
+    "rbl.suresupport.com",
-    'db.wpbl.info': 'http://www.wpbl.info',
+    "db.wpbl.info",
-    'sbl.spamhaus.org': 'http://www.spamhaus.org/sbl/',
+    "sbl.spamhaus.org",
-    'http.dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "http.dnsbl.sorbs.net",
-    'csi.cloudmark.com': 'http://www.cloudmark.com/en/products/cloudmark-sender-intelligence/index',
+    "csi.cloudmark.com",
-    'rbl.interserver.net': 'http://rbl.interserver.net',
+    "rbl.interserver.net",
-    'ubl.unsubscore.com': 'http://www.lashback.com/blacklist/',
+    "ubl.unsubscore.com",
-    'dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "dnsbl.sorbs.net",
-    'virbl.bit.nl': 'http://virbl.bit.nl',
+    "virbl.bit.nl",
-    'pbl.spamhaus.org': 'http://www.spamhaus.org/pbl/',
+    "pbl.spamhaus.org",
-    'socks.dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "socks.dnsbl.sorbs.net",
-    'short.rbl.jp': 'http://www.rbl.jp',
+    "short.rbl.jp",
-    'dnsbl.dronebl.org': 'http://www.dronebl.org',
+    "dnsbl.dronebl.org",
-    'blackholes.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html',
+    "blackholes.mail-abuse.org",
-    'truncate.gbudb.net': 'http://www.gbudb.com/truncate/index.jsp',
+    "truncate.gbudb.net",
-    'dyna.spamrats.com': 'http://www.spamrats.com',
+    "dyna.spamrats.com",
-    'spamrbl.imp.ch': 'http://antispam.imp.ch',
+    "spamrbl.imp.ch",
-    'spam.dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "spam.dnsbl.sorbs.net",
-    'wormrbl.imp.ch': 'http://antispam.imp.ch',
+    "wormrbl.imp.ch",
-    'query.senderbase.org': 'http://www.senderbase.org/about',
+    "query.senderbase.org",
-    'opm.tornevall.org': 'http://dnsbl.tornevall.org',
+    "opm.tornevall.org",
-    'netblock.pedantic.org': 'http://pedantic.org',
+    "netblock.pedantic.org",
-    'access.redhawk.org': 'http://www.redhawk.org/index.php?option=com_wrapper&Itemid=33',
+    "access.redhawk.org",
-    'cdl.anti-spam.org.cn': 'http://www.anti-spam.org.cn/?Locale=en_US',
+    "cdl.anti-spam.org.cn",
-    'multi.surbl.org': 'http://www.surbl.org',
+    "multi.surbl.org",
-    'noptr.spamrats.com': 'http://www.spamrats.com',
+    "noptr.spamrats.com",
-    'dnsbl.inps.de': 'http://dnsbl.inps.de/index.cgi?lang=en',
+    "dnsbl.inps.de",
-    'bl.spamcop.net': 'http://bl.spamcop.net',
+    "bl.spamcop.net",
-    'cbl.abuseat.org': 'http://cbl.abuseat.org',
+    "cbl.abuseat.org",
-    'dsn.rfc-ignorant.org': 'http://www.rfc-ignorant.org/policy-dsn.php',
+    "dsn.rfc-ignorant.org",
-    'zombie.dnsbl.sorbs.net': 'http://www.sorbs.net',
+    "zombie.dnsbl.sorbs.net",
-    'dnsbl.njabl.org': 'http://dnsbl.njabl.org',
+    "dnsbl.njabl.org",
-    'relays.mail-abuse.org': 'http://www.mail-abuse.com/lookup.html',
+    "relays.mail-abuse.org",
-    'rbl.spamlab.com': 'http://tools.appriver.com/index.aspx?tool=rbl',
+    "rbl.spamlab.com",
-    'all.bl.blocklist.de': 'http://www.blocklist.de/en/rbldns.html'
+    "all.bl.blocklist.de"
-}
+)
 
 
 def handler(q=False):
@@ -88,18 +88,16 @@ def handler(q=False):
     else:
         misperrors['error'] = "Unsupported attributes type"
         return misperrors
-    listeds = []
+    infos = {}
-    infos = []
     ipRev = '.'.join(ip.split('.')[::-1])
     for rbl in rbls:
         query = '{}.{}'.format(ipRev, rbl)
         try:
             txt = resolver.query(query, 'TXT')
-            listeds.append(query)
+            infos[query] = [str(t) for t in txt]
-            infos.append([str(t) for t in txt])
         except Exception:
             continue
-    result = "\n".join([f"{listed}: {'  -  '.join(info)}" for listed, info in zip(listeds, infos)])
+    result = "\n".join([f"{rbl}: {'  -  '.join(info)}" for rbl, info in infos.items()])
     if not result:
         return {'error': 'No data found by querying known RBLs'}
     return {'results': [{'types': mispattributes.get('output'), 'values': result}]}